Industrial IT Security through Remote Access and Crypto Modules by Sematicon

Protect your industrial networks with the highest security standards and effortlessly meet all compliance requirements. With NetDescribe and Sematicon.

Martin Barth | Sematicon expert at NetDescribe

The Challenge

One of the greatest challenges in OT (Operational Technology) is designing industrial networks to be secure, efficient, and compliant in order to maintain the operation of critical infrastructures and industrial environments.

Industrial companies face numerous obstacles:

  • Critical access to the OT of production facilities (whether direct or via VPN) poses high security risks, as controllers and similar systems are not protected like IT devices (e.g., with endpoint security).
  • For KRITIS customers, such access to OT is often no longer legally compliant because all access must be fully auditable.
  • In many industrial environments, the use of firewalls and network segmentation is severely limited, as controllers need to operate across systems.
  • Due to the increasingly complex threat landscape and new regulatory requirements, investments in the security of industrial plants have become urgently necessary.

Sematicon se.MIS™ – Remote Management & Audit

se.MIS™ is a specialized platform for secure remote access and auditing in industrial environments. It enables controlled access to machines, equipment, and OT systems—without the need for a VPN or software installation on the target systems.

Through a proxy-based zero-trust principle, access is indirect and isolated, significantly reducing the attack surface. All activities are fully logged and can be traced at any time.

In addition to secure remote maintenance, se.MIS™ positions itself as a central maintenance and audit platform:

  • Digital maintenance log for complete traceability
  • Support for maintenance planning and forecasting
  • Audit-proof documentation of all accesses and changes

This makes the solution particularly suitable for regulated environments (e.g., KRITIS) and creates a secure foundation for operations, service, and compliance.

Sematicon se.MIS™ – The components

Modular Architecture for Maximum Flexibility

The se.MIS™ platform is based on a modular design and can be flexibly adapted to existing IT and OT infrastructures. All components adhere to the zero-trust principle and enable secure, indirect access without a VPN or direct network connections.

se.MIS™ Manager

Central Control and Audit Entity
The se.MIS™ Manager is the central system for user interaction, access control, and logging. It is operated within the internal network and acts as a controlled access point to the isolated machine network.

  • Central management of users, roles, and access rights
  • Complete auditing and session logging
  • Orchestration of all access based on the proxy principle

se.MIS™ AccessGateway (optional)

Secure access from external networks
The AccessGateway enables external users to access systems in a controlled manner without directly opening the internal firewall.

  • Secure remote access via the Internet
  • No direct connection to the target system
  • Extension of the zero-trust architecture for external partners and service providers

se.MIS™ Connector (optional)

Bridge between IT and OT networks
The Connector establishes a secure connection between IT and machine networks – completely indirectly and without traditional VPN technology.

  • Segmented and controlled communication between networks
  • Freely configurable for different architectures
  • Significantly higher security than conventional VPN solutions

se.MIS™ KVM Extender (optional)

Access to non-networked systems
The KVM Extender enables access to machines without a network connection, e.g., in legacy or isolated production environments.

  • Transmission of keyboard, mouse, and video signals (KVM)
  • Ideal for older or highly secure systems
  • Integration into the central audit and access concept

Sematicon se.SAM™ – Hardware Security Modules & Cryptography

With the se.SAM™ series, Sematicon offers hardware-based security solutions that serve as a central component of modern IT, OT, and IoT security architectures.

The cryptographic modules function as Hardware Security Modules (HSM) and represent a strategic USP for Sematicon:

  • Secure key management and support for PKI infrastructures
  • Execution of cryptographic operations directly in hardware
  • Protection of sensitive data, identities, and communication processes

Especially in the embedded and IoT sectors, the modules enable comprehensive security:

  • Protection of embedded systems and IoT devices
  • Securing firmware and software integrity
  • Trust anchor for device identities and secure communication

The combination of hardware security and cryptography creates an end-to-end security architecture—from the individual device through the network to access.

Turnkey solution with a flexible interface
se.SAM™ crypto modules with integrated cryptographic components can be used across all operating systems and architectures without any software or drivers.

International standards and guidelines
se.SAM™ simplifies the implementation of guidelines such as IEC 62443 in industrial IT environments. With Sematicon crypto modules, you meet all cryptography requirements.

Cryptography in hardware
se.SAM™ crypto modules execute all cryptographic operations in hardware, ensuring optimal key protection and reliable security.

Long-term availability
The long-term availability of the se.SAM™ crypto modules prevents costly recertifications caused by hardware changes.

High environmental resistance
The se.SAM™ U-Series crypto modules are waterproof, shock-resistant, and temperature-resistant, making them suitable for both indoor and outdoor use.

High electromagnetic immunity
se.SAM™ is certified for IT and industrial environments and is therefore ideal for installation in systems or control cabinets.

Consulting, Training & Crypto Engineering

In partnership with the experts at NetDescribe, Sematicon complements its solutions with specialized consulting and engineering services focused on comprehensive security concepts.

The focus is on:

  • Development and implementation of cryptography and PKI architectures
  • Integration of HSM solutions into existing IT, OT, and IoT infrastructures
  • Securing embedded systems and devices throughout their entire lifecycle

In addition, we support companies with:

  • the implementation of compliance requirements (e.g., IEC 62443, KRITIS, CRA)
  • the establishment of secure development and operational processes
  • training and knowledge transfer for internal teams

As a “Made in Germany” provider, Sematicon stands for the highest quality and security standards – from development through production.

Sematicon Business Benefits

More Efficient Processes and Automated Operations
Automate maintenance, access, and audit processes to reduce manual, error-prone tasks. This boosts efficiency, shortens turnaround times, and provides long-term relief for your teams.

Maximum Security for OT Environments
Implement a consistent zero-trust model with complete isolation of all systems. Access is granted exclusively via the proxy principle – without direct connections, without VPNs, and without agents on target systems.

Audit-proof auditing and compliance
Meet regulatory requirements (e.g., BSI, IEC 62443, Cyber Resilience Act) through comprehensive logging and full traceability of all access and changes.

Reduced attack surface and increased resilience
Prevent direct access to critical systems and minimize security risks through controlled, indirect connections and centralized access control.

Transparency and informed decisions
Leverage a centralized database for complete visibility into access, systems, and processes. This allows you to identify risks early and make informed, data-driven decisions.

Efficient maintenance and lifecycle management
Optimize service and maintenance processes with a digital maintenance log, structured documentation, and support for planning and forecasting.

Lower operating and follow-up costs
Reduce downtime, security risks, and administrative overhead – thereby sustainably lowering operating and compliance costs.

Scalable and future-proof architecture
Flexibly adapt the solution to your infrastructure – from individual plants to complex, distributed industrial environments.

Trustworthy security “Made in Germany”
Benefit from a solution developed and produced in Germany that meets the highest security and quality standards.
